Why you need to focus on social networking in your company


Social networking tools like Twitter, Facebook, LinkedIn and many others fill an important gap in electronic communication and information delivery: they allow the broadcast of information in ways not practical with email or other collaboration tools, while at the same time allowing a highly granular push and pull model of information delivery, such as rapid back-and-forth dialogue between employees, customers, etc. These tools can be used to build a brand or a company’s reputation, monitor perceptions about a wide range of issues, disseminate information, demonstrate industry expertise, and build brand loyalty. Social networking permits individuals to share information and companies to gain competitive advantage in ways not practical or possible with other tools.
However, social networking tools used in a corporate context also pose an enormous liability on a number of fronts.




Document Transcript

WHITE PAPER

Why You Need to Focus on Social Networking in Your Company

An Osterman Research White Paper
Published January 2011

Osterman Research, Inc.
P.O. Box 1058 • Black Diamond, Washington • 98010-1058 • USA
Tel: +1 253 630 5839 • Fax: +1 253 458 0934 • info@ostermanresearch.com
www.ostermanresearch.com • twitter.com/mosterman
Executive Summary

THE UPSIDE AND DOWNSIDE OF SOCIAL NETWORKING

Social networking tools like Twitter, Facebook, LinkedIn and many others fill an important gap in electronic communication and information delivery: they allow the broadcast of information in ways not practical with email or other collaboration tools, while at the same time allowing a highly granular push and pull model of information delivery, such as rapid back-and-forth dialogue between employees, customers, etc.

These tools can be used to build a brand or a company’s reputation, monitor perceptions about a wide range of issues, disseminate information, demonstrate industry expertise, and build brand loyalty. Social networking permits individuals to share information and companies to gain competitive advantage in ways not practical or possible with other tools.

However, social networking tools used in a corporate context also pose an enormous liability on a number of fronts:

• These tools make it incredibly easy for individuals to share confidential, sensitive or otherwise private information, both inadvertently and maliciously, potentially violating privacy or other laws.

• Similarly, they make it easy for employees to post slanderous or libelous content about fellow employees, a company’s management, its clients and others.

• They are another avenue through which business records can be created and – in the absence of good archiving tools – lost, leading to e-discovery, legal hold, evidence spoliation and other problems.

• The absence of good security defenses that are devoted specifically to monitoring social networking protocols can offer hackers and other malicious types yet another means to introduce malware into an organization.

• An inability to link identities from social networks to a corporate identity can pose significant problems from a risk management perspective in the context of things like e-discovery and regulatory compliance. For example, a post to a social networking site by a registered representative is considered by FINRA to be a “public appearance”[i] – a securities firm employing the representative must be able to accurately identify who has made the post.

KEY TAKEAWAYS

Social networking tools offer substantial benefits to individuals and organizations, but they must be managed properly. Decision makers must understand the risks and benefits from the use of social networking tools in general and also from the specific tools that might be of value. They must develop granular policies about their use and implement the means to enforce these policies. They must also implement the systems that will monitor, review, block and archive social networking content; all while ensuring that social networking can be used in as friction-free a manner as possible.

©2010 Osterman Research, Inc.
ABOUT THIS WHITE PAPER

This white paper presents IT and business decision makers in organizations of all sizes an overview of the benefits and problems inherent in social networking, what they should consider doing to address these problems, and some practical things to consider as they seek to protect their organizations from unfettered use of social networking. Finally, it offers an overview of Actiance, the sponsor of this white paper.

The Growing Use of Social Networking

SOCIAL NETWORKING USE IS GROWING RAPIDLY

The use of social networking tools, both for corporate and personal use, is increasing at a rapid pace. For example:

• As of early June 2010, there were 190 million users of Twitter, each of whom posts an average of 10.3 tweets per month[ii]. In February 2008, Twitter had 475,000 unique visitors[iii], an increase of 400 times in just 28 months.

• Also as of June 2010, there are 519 million users of Facebook[iv], up from 20 million unique visitors in February 2008[v], an increase of nearly 26 times during the same period.

• As of May 2010, LinkedIn – a primarily business-oriented tool – had 65 million users[vi], up from just one million in September 2004[vii].

Further, Osterman Research has found that corporate users spend an average of 18 minutes on a typical workday using social networking tools, or about 4% of their workday[viii], as shown in the following figure.
[Figure: Minutes Spent per User per Day Employing Various Communication Tools]

SOCIAL NETWORKING OFFERS A NUMBER OF IMPORTANT BENEFITS…

While much has been made of social networking tools being used to announce what individuals had for breakfast or distributing other fairly trivial content, these tools are actually being used for real world business applications. For example, social networking tools can be used for a variety of business purposes, such as generating new business, making product announcements, distributing company information, establishing industry expertise with a group of prospects, managing a brand, monitoring user opinions or consumer sentiment, and so forth. Social networking tools provide a unique channel for receiving and disseminating information that other media simply do not offer.

…BUT IT ALSO INCREASES OVERALL CORPORATE RISK

Despite the many benefits of social networking and the unique opportunity it offers to gain competitive advantage, educate prospects and the like, it also increases corporate risk substantially. For example, among the risks that organizations face when their users employ social networking are the following:

• Unauthorized sharing of sensitive or confidential information
  Consider the following tweets from early July 2010 (tweeters’ names removed):

  o “Some1 @ work is getting fired next month....I wanna tell them, should I, jobs r hard 2 come by, and I think they need a heads up, HELP!!!”

  o “I love to see when my boss is drunk and its 8:30 pm (@ [COMPANY NAME REMOVED]) [MAP TO COMPANY LOCATION REMOVED]”
• Inappropriate comments made by employees
  Employees will at times make comments using social networking tools that could reflect poorly on their employer. For example, in early 2009, an employee of Ketchum, a public relations firm, used Twitter to post some derogatory comments about the city of Memphis shortly before presenting to the worldwide communications group at FedEx – Memphis’ largest employer. An employee of FedEx discovered the tweet, responded to the tweeter, and then copied FedEx’s senior managers, the management of FedEx’s communication department and the powers that be at Ketchum[ix].

• Identity management
  An organization that cannot prove the identity of individuals purporting to be representatives of their company, or that cannot tie social networking identities to corporate identities, faces significant risks from a compliance perspective.

• Another venue for malware infiltration
  Social networking tools, by virtue of the fact that they use newer techniques like short URLs, can allow malware to enter a corporate network in ways it could not via email or the Web. Also, the growing availability of third-party applications for which there is no quality assurance testing or the like, such as many of the 40,000-plus applications available on Facebook, increases malware risk.

• Business records lost that should be retained
  Social networking posts sometimes contain business records that should be retained. For example, the Financial Industry Regulatory Authority (FINRA) issued Regulatory Notice 10-06 in January 2010 that requires retention of relevant posts to social networking sites made by broker-dealers. Local governments that make announcements on social networking sites will often need to retain this content as part of sunshine or freedom-of-information laws. Some courts have already begun using posts to social networking sites as part of e-discovery proceedings[x].

  Organizations cannot rely on social networking site operators to retain posts. For example, Facebook retains content only for 30 days, Twitter retains only the last 3,200 tweets, and so forth. Clearly, organizations must retain data and they cannot rely on social networking operators to do this for them.

Most organizations today do not have the ability to capture relevant content from social networking sites and retain it for long periods as many do for other types of business records. Nor do they have the ability to monitor employee posts to social networking venues to check for inappropriate content that could result in a lawsuit or quash a merger or damage their corporate reputation. The result is that organizations are increasingly at risk as the use of social networking tools continues to grow. This risk is multi-faceted and includes the potential spoliation of evidence, a failure to prevent sexual harassment between employees, charges of libel and other quite negative consequences.

It is also important to note that there are thousands of social networks in use – the problems discussed in this white paper are not limited just to Twitter, Facebook and LinkedIn. For example, Orkut is the most widely used social network in Brazil, Skyrock is the most popular in France, and bulletin board systems are the most popular social networking tools used in China.

In short, the growth of social networking has far outstripped decision makers’ awareness of the risks they face from its use, as well as the technologies that have been implemented to address the risks. And, the problem has been compounded because much of the growth in the use of social networking tools has occurred during a period in which IT budgets were being cut and decision makers’ attention has been focused elsewhere.

Social Networking is Too Important Not to Manage

DECISION MAKERS CAN NO LONGER IGNORE SOCIAL NETWORKING

Clearly, decision makers can ignore the risks of inappropriate use of social networking tools only at the risk of facing enormous legal judgments, regulatory compliance problems, or significant damage to their corporate reputation.

On the flip side, they cannot avoid the use of social networking tools, particularly in highly competitive industries, because these tools offer the opportunity to win new customers, derive additional revenue from existing customers, position a company in a new market, etc. The bottom line is that social networking is now too important not to be considered carefully by corporate IT and business decision makers.

HOWEVER, MOST ORGANIZATIONS DO NOT HAVE POLICIES OR TOOLS FOCUSED ON MANAGING THE USE OF SOCIAL NETWORKING

Osterman Research has discovered that most organizations either have no policy focused on the use of social networking tools, or whatever policies that do exist are relatively basic. For example, as shown in the following figure, the three leading social networking tools used in corporate environments are the three tools least governed by any sort of corporate policy.
[Figure: Existence of Policies for Various Communication and Social Networking Tools (% of Organizations That Have Established a Policy)]

Many decision makers have not bothered to establish policies for use of social networking tools in large part because a) they often underestimate the penetration and reach of these tools in their organizations, and b) they simply don’t realize the risks associated with unmanaged and unfettered use of these tools.

This puts organizations at serious risk, as discussed above. Further, the lack of policies focused on appropriate and inappropriate use of social networking means that organizations have not taken the critical step necessary for them to implement the right tools and procedures for managing the use of social networking – without policies, it is virtually impossible to deploy and manage the right systems, since these systems exist simply to enforce policies.

SOCIAL NETWORKING MUST BE PROPERLY MANAGED

There are three things that any organization should do in the context of managing social networking in their organization:

• Monitor content posted by representatives of the organization
  Organizations should monitor all posts to externally facing social networking sites like Facebook, Twitter, LinkedIn, etc. These posts can contain a variety of sensitive content, such as information about an impending merger, upcoming layoffs, the identity of a new customer, a recently discovered technical problem in a product, or other content that senior management may not want publicly divulged. The principle that should be used in managing social networking content should be largely the same as that used for any type of data leak prevention as it applies to email, instant messaging and other electronic tools.

• Monitor content sent within the organization
  Information that is sent using internally facing social networking tools, such as Lotus Connections or Microsoft SharePoint, should also be monitored closely for content that could be harmful. As with other electronic communication tools, employees can send racially or sexually offensive content to one another, they could share trade secrets internally that should not be distributed to employees without appropriate clearance, or they could make statements about other employees that could violate privacy requirements.

  Further, some industries have strict regulatory obligations to limit the transfer of certain types of information between different operations within a company. For example, in a vertically integrated energy company, Federal Energy Regulatory Commission (FERC) Order No. 717 requires companies to create an ethical wall between the transmission and marketing functions of their business. Similarly, various laws focused on the financial services industry exist to prevent inappropriate communication between research and trading operations.

• Archive business records contained within social networking posts
  It is also critically important to retain relevant content within social networking posts for purposes of regulatory compliance and e-discovery, as well as for internal demands for things like informal early case assessment. Because a tweet/retweet, Facebook post or LinkedIn testimonial can contain a business record, there is no distinction between this type of record and one contained in an email or instant messaging conversation. Further, because most social networking tools forward notifications to email, there is a good chance that an organization’s social networking content is being stored in other organizations’ archives. An organization’s retention of relevant social networking content clearly demonstrates appropriate management of its electronic records.

  As discussed above, FINRA codified the requirement to retain relevant social networking posts in Regulatory Notice 10-06. That document reads, in part, “Every firm that intends to communicate, or permit its associated persons to communicate, through social media sites must first ensure that it can retain records of those communications as required by Rules 17a-3 and 17a-4 under the Securities Exchange Act of 1934 and NASD Rule 3110.”

A Four-Step Plan for Managing Social Networking

Osterman Research recommends that any organization that is using or is considering using social networking capabilities of any kind undertake a four-step process for protecting against the risks associated with the use of these technologies, while at the same time maximizing the value they derive from them.
UNDERSTAND HOW AND WHY SOCIAL NETWORKING IS USED

It is important for any organization to understand how and why social networking is used in the organization. For example, if the only use of these tools is personal, that will have different ramifications for the technologies that are deployed to monitor and archive content than if social networking is used for established business purposes.

Consequently, IT should conduct a thorough audit of how social networking is used, which tools are used, why they are used and so forth. This audit should also include a forward-looking focus on how these tools might be used in the future, how competing firms are using these tools, and new capabilities that might be employed in the future.

It is important to note that there may be a significant disconnect between what IT perceives as a legitimate application of social networking and what individual users or business units perceive as legitimate. The goal, of course, is to balance the competing interests of both groups and derive the greatest benefit from the use of social networking while still remaining compliant with corporate policies and security requirements, which could include:

• Marketing, communications, PR teams and spokespeople who want the ability to post commentary, create events and utilize the full functionality of social networks.

• Corporate users, such as Human Resources and legal staff who need to research new hires and investigate shared content.

• Regulatory compliance teams who must not only maintain records of shared content and activities, but also approve and moderate subject matter.

• Employees who utilize social networks to prospect for business, network with customers and partners and collaborate with suppliers.

UNDERSTAND THE RISKS OF INADEQUATE MANAGEMENT

Next, it is important to understand the consequences that can result when social networking content is not monitored, when business records in social networking posts are not retained, and so forth. It would be appropriate at this phase of the evaluation process to understand the potential consequences associated with not managing social networking use adequately. For example:

• If employees want to discuss work conditions or complain about their benefits, for example, employers are not permitted to interfere with these communications according to rules codified in the National Labor Relations Act. This means that employers must tread a fine line between monitoring and blocking social networking for inappropriate use or sharing of content in an inappropriate way and preserving the rights of employees to share information. Further complicating the issue is the need for multinational organizations to satisfy the diverse requirements of each territory in which they operate.

• If business records or actionable information are sent via social networking tools, management’s decision to purge this content could be seen as spoliation of evidence in a lawsuit. For example, if management decides not to preserve sexually harassing direct messages sent using Twitter, a party offended by this content that takes legal action may be entitled to access the archives of these posts as part of an e-discovery exercise and could claim spoliation in their absence. The ramifications of spoliation can be substantial and include fines and sanctions imposed by the court, the requirement to pay the prevailing party’s legal fees, attorneys’ costs for additional motions, and other serious consequences.

• The US Federal Trade Commission has issued a ruling that restricts organizations’ use of testimonials by bloggers, if bloggers have been paid to endorse a product, and so forth.

• Somewhat related to the point above is that investment advisers cannot be the beneficiary of a testimonial or recommendation on LinkedIn because of the potential violation of Rule 206(4) of the Investment Advisers Act of 1940[xi]. This rule makes it illegal for an investment adviser to publish or benefit from an advertisement or testimonial that deals with their conduct as an adviser.

• Registered representatives are subject to scrutiny when they post content on social networking sites, including monitoring of their posts and retention of their communications.

IMPLEMENT POLICIES FOCUSED ON APPROPRIATE USE OF SOCIAL NETWORKING

The next requirement is to implement policies that will attempt to strike the appropriate balance between employee freedom to communicate via social networking tools, the business benefits that will come from the use of these tools, compliance with industry regulations, and advice from legal counsel. Considerations for these policies include:

• Policies about the use of social networking tools should be part of an overall messaging and communication policy that covers the use of corporate email, personal Webmail, instant messaging, collaboration workspaces, cloud-based storage tools and any venue through which individuals might share corporate information.

• Sufficient granularity should be included so that differing roles within the organization are clearly subject to different policies. For example, energy and securities traders should have different rules about their use of social networking than clerical staff, senior managers should be subject to different policies when communicating with external auditors than when they communicate with employees, formal communications that represent a company position should be subject to different scrutiny than personal communications, and so on.

• Policies should also include a detailed discussion about appropriate use of social networking tools, including requirements not to post sexually or racially offensive comments or images, not to include links to inappropriate Web sites, not to defame or slander others, not to post content that could run afoul of copyright laws, not to post personnel records or other sensitive information, and the like.
• The specific tools that can and cannot be used should be specified clearly, preferably along with a rationale for the decision.

• Where appropriate and where possible, disclaimers should be included for communications like Facebook posts or blogs. Obviously, disclaimers will not be practical for tweets and other space-limited communication tools (unless, possibly, a short URL is included that points to a corporate disclaimer).

• Policies should clearly spell out that management reserves the right to monitor employee communication via social networking, when it has the right to act on this information, and that content may be retained for an indefinite period.

• Policies should also spell out the corporate reaction to and consequences of a breach of policy.

DEPLOY THE RIGHT TECHNOLOGIES

Finally, any organization should deploy technologies that will do the following:

• Monitor posts
  Monitor employee posts on every social networking protocol that might be used. This monitoring may be after the fact, such as sampling employee posts to check for inappropriate content; or it might be in real time to monitor posts before they leave the organization.

• Control the use of unauthorized tools
  Osterman Research has found that while many IT decision makers oppose the use of specific social networking tools or at least find them not to be legitimate for use in a business context, far fewer actually do anything to prevent their use.

• Archive and log content
  Archive and log all relevant content that might constitute a business record and that might need to be retained. It is generally easier to simply archive or log all social networking content than take the risk that some important content might slip through and not be retained, but this will depend to a large extent on the industry in which an organization operates and other factors.

  A key part of content logging is to ensure that the identity of the individuals who use social networking tools is clear and that content can be tied back to their corporate identity.

  Most organizations will want to integrate their social networking archive with their primary electronic content archive. This makes legal holds, as well as searching across all electronic content during early case assessment and e-discovery, much easier and less time-consuming.

• Block threats
  It is also vitally important to block threats that can enter an organization through social networking tools. This is particularly important given a) the widespread use of short URLs that offer the user no visual cues about the veracity of the link, and b) the fact that many social networking tools can display content provided by individuals to whom users have not given permission to display posts.

  One of the key problems with social networking from a security perspective is that these tools are generally less well defended than more established tools like email. Given the rapid increase in the use of many of these tools, many IT departments are scrambling to keep up with the rapid growth of social networking tools, leaving organizations vulnerable to malware infiltration. For example, an Osterman Research survey conducted during May 2010 revealed that 12% of mid-sized and large organizations in North America had been the victim of malware infiltration during the previous 12 months, while 9% of organizations had had sensitive or confidential information accidentally or maliciously leaked through a social networking or Web 2.0 application[xii].

Sponsor of This White Paper

Actiance, Inc.
1301 Shoreway
Suite 275
Belmont, CA 94002
USA
+1 888 349 3223

400 Thames Valley Park Drive
Thames Valley Park
Reading, RG6 1PT
United Kingdom
+44 (0) 1189 637 469

www.actiance.com

Actiance enables the safe and productive use of Unified Communications, collaboration and Web 2.0, including blogs and social networking sites. Formerly FaceTime Communications, Actiance’s award-winning platforms are used by 9 of the top 10 US banks and more than 1600 organizations globally for the security, management and compliance of unified communications, Web 2.0 and social media channels. Actiance supports all leading social networks, unified communications providers and IM platforms, including Facebook, LinkedIn, Twitter, AOL, Google, Yahoo!, Skype, Microsoft, IBM and Cisco.

For more information about Actiance’s award-winning platform, please visit www.actiance.com.

SOCIALITE

Socialite is Actiance’s security, management, and compliance solution for Social Networks, providing granular control of Facebook, LinkedIn, and Twitter. Socialite not only controls access to nearly a hundred different features across social networks, but can also moderate, manage, and archive any social media traffic routed through the solution, which can either be on-premise or hosted.
© 2010 Osterman Research, Inc. All rights reserved.

No part of this document may be reproduced in any form by any means, nor may it be distributed without the permission of Osterman Research, Inc., nor may it be resold or distributed by any entity other than Osterman Research, Inc., without prior written authorization of Osterman Research, Inc.

Osterman Research, Inc. does not provide legal advice. Nothing in this document constitutes legal advice, nor shall this document or any software product or other offering referenced herein serve as a substitute for the reader’s compliance with any laws (including but not limited to any act, statute, regulation, rule, directive, administrative order, executive order, etc. (collectively, “Laws”)) referenced in this document. If necessary, the reader should consult with competent legal counsel regarding any Laws referenced herein. Osterman Research, Inc. makes no representation or warranty regarding the completeness or accuracy of the information contained in this document.

THIS DOCUMENT IS PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND. ALL EXPRESS OR IMPLIED REPRESENTATIONS, CONDITIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE DETERMINED TO BE ILLEGAL.

[i] http://www.finra.org/Industry/issues/Advertising/p006118
[ii] http://techcrunch.com/2010/06/23/twitter-international-growth/
[iii] http://blog.nielsen.com/nielsenwire/online_mobile/twitters-tweet-smell-of-success/
[iv] http://www.latimes.com/entertainment/news/la-et-onthemedia-20100612,0,7583927.column
[v] http://blog.nielsen.com/nielsenwire/online_mobile/twitters-tweet-smell-of-success/
[vi] http://www.pcmag.com/article2/0,2817,2364317,00.asp
[vii] http://www.independent.co.uk/life-style/gadgets-and-tech/features/linkedin-its-who-you-know-2013877.html
[viii] Unpublished Osterman Research survey data, May 2010
[ix] http://shankman.com/be-careful-what-you-post/
[x] http://www.delawareemploymentlawblog.com/2010/04/breach_of_noncompetition_agree.html
[xi] http://newrulesofinvesting.com/2009/03/22/adviser-use-of-linkedin-may-violate-sec-rules/
[xii] Source: Messaging and Web Security Market Trends, 2010-2013; Osterman Research, Inc.